Deny-built-in-web-identity-providers

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:federatedProvider": [
                        "accounts.google.com",
                        "graph.facebook.com",
                        "cognito-identity.amazonaws.com",
                        "www.amazon.com"
                    ]
                }
            }
        }
    ]
}

Source: https://github.com/aws-samples/resource-control-policy-examples/blob/main/Limit-access-to-trusted-OIDC-identity-providers/Deny-built-in-web-identity-providers.json
